Research: Home security systems vulnerable to hackers, cyberattacks

You probably knew that hackers could break into your email account and the NSA can listen in on your calls. But did you know that your home security system may be vulnerable to a cyberattack also?

Hackers can easily compromise the signals being sent by wireless sensors in newer security systems, potentially preventing those systems from alerting homeowners when someone has broken into their house, according to new research. Meanwhile, Google’s DropCam Web cam, which has become popular as a low-cost security monitoring system for consumers, is at risk of being used to monitor its owners, according to separate research.

Both research findings will be presented in Las Vegas next month at the twin security conferences there, Black Hat and Def Con.

Logan Lamb, a researcher at the Department of Energy’s Oak Ridge National Laboratory, will present his findings about the vulnerabilities of home security systems at Black Hat.

Many of the latest home security systems rely on wireless sensors to detect when doors or windows are opened or when someone is moving inside a house. Security companies have been switching over to wireless sensors, because they are far cheaper to install; instead of having to run wire through the house, installers can simply affix them to a window or a door.

But Lamb found that the signal the sensors transmit to the alarm panel are typically unencrypted, meaning that they can be easily intercepted and spoofed. He has demonstrated that hackers could monitor the movements of people in and out of the house, jam sensor signals that might warn of a break-in or set off false alarms, using nothing more than an inexpensive, off-the-shelf radio connected to a laptop computer. He’s been able to compromise systems from popular security companies including both ADT and Vivint.

“The idea of covering a home with more security sensors does not translate into a more secure home,” Lamb told Forbes.

Meanwhile, Patrick Wardle and Colby Moore, who are researchers at security firm Synack, will present their findings about DropCam at Def Con. Wardle and Moore found that a DropCam system can be compromised by someone who has physical access to the device.

When a DropCam is booting up, it can be put into a mode that would allow someone to install malicious software. The software could be used to intercept video feeds coming from the camera or to replace the live video sent to the owners with another video stream.

In interviews with Forbes, both the security companies and DropCam played down the significance of the security flaws. But the vulnerabilities are further proof that in the digital world nothing — even those intended to enhance security — are absolutely secure.